Author / Topic: Where is my mistake?  (Read 687 times)

SRG

« on: Sep 18, 2006, 12:07 »
I have a question about traffic shaping, or rather about packet marking. The problem is as follows: I wrote this script:

Sample code
#!/bin/sh
#

DEV=net
RATEUP=7000
MINCLASSRATE=1000

# should be RATEUP/7

TC="/sbin/tc"
IPTABLES="/sbin/iptables"


$TC qdisc add dev $DEV root handle 1: htb default 26

$TC class add dev $DEV parent 1: classid 1:1 htb rate ${RATEUP}kbit

$TC class add dev $DEV parent 1: classid 1:2 htb rate 100mbit

$TC class add dev $DEV parent 1:1 classid 1:20 htb rate ${MINCLASSRATE}kbit ceil ${RATEUP}kbit prio 0
$TC class add dev $DEV parent 1:1 classid 1:21 htb rate ${MINCLASSRATE}kbit ceil ${RATEUP}kbit prio 1
$TC class add dev $DEV parent 1:1 classid 1:22 htb rate ${MINCLASSRATE}kbit ceil ${RATEUP}kbit prio 2
$TC class add dev $DEV parent 1:1 classid 1:23 htb rate ${MINCLASSRATE}kbit ceil ${RATEUP}kbit prio 3
$TC class add dev $DEV parent 1:1 classid 1:24 htb rate ${MINCLASSRATE}kbit ceil ${RATEUP}kbit prio 4
$TC class add dev $DEV parent 1:1 classid 1:25 htb rate ${MINCLASSRATE}kbit ceil ${RATEUP}kbit prio 5
$TC class add dev $DEV parent 1:1 classid 1:26 htb rate ${MINCLASSRATE}kbit ceil ${RATEUP}kbit prio 6

$TC qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
$TC qdisc add dev $DEV parent 1:21 handle 21: sfq perturb 10
$TC qdisc add dev $DEV parent 1:22 handle 22: sfq perturb 10
$TC qdisc add dev $DEV parent 1:23 handle 23: sfq perturb 10
$TC qdisc add dev $DEV parent 1:24 handle 24: sfq perturb 10
$TC qdisc add dev $DEV parent 1:25 handle 25: sfq perturb 10
$TC qdisc add dev $DEV parent 1:26 handle 26: sfq perturb 10

$TC filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
$TC filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
$TC filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
$TC filter add dev $DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
$TC filter add dev $DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
$TC filter add dev $DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
$TC filter add dev $DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
$TC filter add dev $DEV parent 1:0 prio 0 protocol ip handle 2 fw flowid 1:2

$IPTABLES -t mangle -N SHAPER
$IPTABLES -t mangle -I POSTROUTING -o $DEV -j SHAPER

$IPTABLES -t mangle -A SHAPER -p tcp --sport 80 -j MARK --set-mark 22
$IPTABLES -t mangle -A SHAPER -p tcp --dport 80 -j MARK --set-mark 22
$IPTABLES -t mangle -A SHAPER -p tcp --sport 0:1024 -j MARK --set-mark 23
$IPTABLES -t mangle -A SHAPER -p tcp --dport 0:1024 -j MARK --set-mark 23
$IPTABLES -t mangle -A SHAPER -p tcp -m length --length :64 -j MARK --set-mark 2
$IPTABLES -t mangle -A SHAPER -m tos --tos Minimize-Delay -j MARK --set-mark 21
$IPTABLES -t mangle -A SHAPER -m tos --tos Minimize-Delay -j RETURN
$IPTABLES -t mangle -A SHAPER -m tos --tos Minimize-Cost -j MARK --set-mark 24
$IPTABLES -t mangle -A SHAPER -m tos --tos Minimize-Cost -j RETURN
$IPTABLES -t mangle -A SHAPER -m tos --tos Maximize-Throughput -j MARK --set-mark 25
$IPTABLES -t mangle -A SHAPER -m tos --tos Maximize-Throughput -j RETURN
$IPTABLES -t mangle -A SHAPER -p icmp -j MARK --set-mark 20
$IPTABLES -t mangle -A SHAPER -m layer7 --l7proto bittorrent -j MARK --set-mark 25
$IPTABLES -t mangle -A SHAPER -m layer7 --l7proto dhcp -j MARK --set-mark 23
$IPTABLES -t mangle -A SHAPER -m layer7 --l7proto dns -j MARK --set-mark 23
$IPTABLES -t mangle -A SHAPER -m layer7 --l7proto jabber -j MARK --set-mark 23
$IPTABLES -t mangle -A SHAPER -m layer7 --l7proto ftp -j MARK --set-mark 24
$IPTABLES -t mangle -A SHAPER -m layer7 --l7proto ssh -j MARK --set-mark 21
$IPTABLES -t mangle -A SHAPER -d 192.168.1.0/24 -j MARK --set-mark 2
$IPTABLES -t mangle -A SHAPER -j MARK --set-mark 26


...but after tc -s class show dev net:

Sample code
Device net:
qdisc htb 1: r2q 10 default 26 direct_packets_stat 52 ver 3.17
 Sent 7005580635 bytes 9548684 pkt (dropped 15422, overlimits 9833972 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 20: parent 1:20 limit 128p quantum 1514b flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 21: parent 1:21 limit 128p quantum 1514b flows 128/1024 perturb 10sec
 Sent 932762 bytes 2199 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 22: parent 1:22 limit 128p quantum 1514b flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 23: parent 1:23 limit 128p quantum 1514b flows 128/1024 perturb 10sec
 Sent 12112 bytes 8 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 24: parent 1:24 limit 128p quantum 1514b flows 128/1024 perturb 10sec
 Sent 2868 bytes 52 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 25: parent 1:25 limit 128p quantum 1514b flows 128/1024 perturb 10sec
 Sent 6888391914 bytes 9440931 pkt (dropped 15422, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 26: parent 1:26 limit 128p quantum 1514b flows 128/1024 perturb 10sec
 Sent 116193837 bytes 105417 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:22 parent 1:1 leaf 22: prio 2 quantum 12500 rate 1000Kbit ceil 7000Kbit burst 1725b/8 mpu 0b overhead 0b cburst 2474b/8 mpu 0b overhead 0b level 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 13800 ctokens: 2828

class htb 1:1 root rate 7000Kbit ceil 7000Kbit burst 2474b/8 mpu 0b overhead 0b cburst 2474b/8 mpu 0b overhead 0b level 7
 Sent 7011542047 bytes 9548649 pkt (dropped 0, overlimits 0 requeues 0)
 rate 5685Kbit 1635pps backlog 0b 0p requeues 0
 lended: 7984584 borrowed: 0 giants: 0
 tokens: -4698 ctokens: -4698

class htb 1:23 parent 1:1 leaf 23: prio 3 quantum 12500 rate 1000Kbit ceil 7000Kbit burst 1725b/8 mpu 0b overhead 0b cburst 2474b/8 mpu 0b overhead 0b level 0
 Sent 12112 bytes 8 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 7 borrowed: 1 giants: 0
 tokens: -22315 ctokens: -617

class htb 1:2 root prio 0 quantum 200000 rate 100000Kbit ceil 100000Kbit burst 14100b/8 mpu 0b overhead 0b cburst 14100b/8 mpu 0b overhead 0b level 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 1128 ctokens: 1128

class htb 1:20 parent 1:1 leaf 20: prio 0 quantum 12500 rate 1000Kbit ceil 7000Kbit burst 1725b/8 mpu 0b overhead 0b cburst 2474b/8 mpu 0b overhead 0b level 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 13800 ctokens: 2828

class htb 1:21 parent 1:1 leaf 21: prio 1 quantum 12500 rate 1000Kbit ceil 7000Kbit burst 1725b/8 mpu 0b overhead 0b cburst 2474b/8 mpu 0b overhead 0b level 0
 Sent 935488 bytes 2202 pkt (dropped 0, overlimits 0 requeues 0)
 rate 928bit 1pps backlog 0b 0p requeues 0
 lended: 2129 borrowed: 73 giants: 0
 tokens: -6541 ctokens: -68

class htb 1:26 parent 1:1 leaf 26: prio 6 quantum 12500 rate 1000Kbit ceil 7000Kbit burst 1725b/8 mpu 0b overhead 0b cburst 2474b/8 mpu 0b overhead 0b level 0
 Sent 116210323 bytes 105442 pkt (dropped 0, overlimits 0 requeues 0)
 rate 281120bit 28pps backlog 0b 0p requeues 0
 lended: 97630 borrowed: 7811 giants: 0
 tokens: -22464 ctokens: -2332

class htb 1:24 parent 1:1 leaf 24: prio 4 quantum 12500 rate 1000Kbit ceil 7000Kbit burst 1725b/8 mpu 0b overhead 0b cburst 2474b/8 mpu 0b overhead 0b level 0
 Sent 2868 bytes 52 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 52 borrowed: 0 giants: 0
 tokens: 13416 ctokens: 2774

class htb 1:25 parent 1:1 leaf 25: prio 5 quantum 12500 rate 1000Kbit ceil 7000Kbit burst 1725b/8 mpu 0b overhead 0b cburst 2474b/8 mpu 0b overhead 0b level 0
 Sent 6888396024 bytes 9440948 pkt (dropped 15422, overlimits 0 requeues 0)
 rate 5667Kbit 1655pps backlog 0b 2p requeues 0
 lended: 1464247 borrowed: 7976699 giants: 0
 tokens: -24003 ctokens: -1462


...I'm starting to think I've messed something up, because traffic only goes through 21, 25 and 26, even though a large file is being downloaded from the same host over port 80 and its traffic should go through 22. To be honest, I don't know much about iptables and tc, so I can't pin down where and what I got wrong. If someone who understands this could take a look and advise me what to change and why, I would be grateful.

Jabber:sergos1@jabber.org

VladSun

« Reply #1 on: Sep 18, 2006, 17:02 »
Because you only have RETURN after those; otherwise everything else gets MARK 26.

Start, before any marking, with:

--set-mark 0

and in every subsequent marking rule also add

-m mark --mark 0

and also remove those RETURN rules.

P.S.: Just a hint: I don't see any TC rules for the return channel.




KISS Principle ( Keep-It-Short-and-Simple )
http://openfmi.net/projects/flattc/
There are 10 kinds of people in this world - those who understand binary code and those who don't :P
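Why only the RETURN-terminated marks survived, and what the advice in the reply above changes, shown as an added Python model that is not part of the original thread. `walk`, `apply_advice` and the sample packets are hypothetical names and constructed data, and only a subset of the posted rules is modelled.

```python
# Constructed model of the SHAPER chain: (match, target, value) per rule.
# MARK does not end traversal, so the last matching MARK wins unless a
# RETURN stops the walk first.

def walk(chain, pkt):
    """Return the fwmark the packet carries when it leaves the chain."""
    mark = 0
    for match, target, value in chain:
        if not match(pkt, mark):
            continue
        if target == "RETURN":
            break
        mark = value  # target == "MARK"
    return mark

def tcp_port(lo, hi):
    """Match TCP packets whose source or destination port is in lo..hi."""
    return lambda p, m: p["proto"] == "tcp" and (
        lo <= p["sport"] <= hi or lo <= p["dport"] <= hi)

def tos(name):
    return lambda p, m: p["tos"] == name

def always(p, m):
    return True

# Subset of the posted rules, in the posted order.
ORIGINAL = [
    (tcp_port(80, 80), "MARK", 22),
    (tcp_port(0, 1024), "MARK", 23),
    (tos("Minimize-Delay"), "MARK", 21),
    (tos("Minimize-Delay"), "RETURN", None),
    (tos("Maximize-Throughput"), "MARK", 25),
    (tos("Maximize-Throughput"), "RETURN", None),
    (always, "MARK", 26),
]

def apply_advice(chain):
    """Drop RETURN rules, start with mark 0, guard each MARK with 'mark == 0'."""
    guarded = [(lambda p, m, f=match: m == 0 and f(p, m), target, value)
               for match, target, value in chain if target != "RETURN"]
    return [(always, "MARK", 0)] + guarded

# Constructed sample packets.
HTTP = {"proto": "tcp", "sport": 80, "dport": 40000, "tos": None}
SSH = {"proto": "tcp", "sport": 50000, "dport": 22, "tos": "Minimize-Delay"}
BULK = {"proto": "tcp", "sport": 6881, "dport": 51413, "tos": "Maximize-Throughput"}

if __name__ == "__main__":
    for name, pkt in (("http", HTTP), ("ssh", SSH), ("bulk", BULK)):
        print(name, walk(ORIGINAL, pkt), walk(apply_advice(ORIGINAL), pkt))
```

With the guards in place the first matching rule wins, so the order of the rules becomes their priority: the constructed SSH packet moves from 21 to 23 because the 0:1024 port rule precedes the TOS rules.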

SRG

« Reply #2 on: Sep 19, 2006, 10:38 »
VladSun, thanks for the advice. Now everything is being marked as it should. I just want to ask about the incoming channel: should I use something like:
Sample code
tc qdisc add dev imq0 handle 1: root htb default 21

tc class add dev imq0 parent 1: classid 1:1 htb rate ${RATEDN}kbit

tc class add dev imq0 parent 1:1 classid 1:20 htb rate $[$RATEDN/4]kbit ceil ${RATEDN}kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:21 htb rate $[$RATEDN/4]kbit ceil ${RATEDN}kbit prio 1
tc class add dev imq0 parent 1:1 classid 1:22 htb rate $[$RATEDN/4]kbit ceil ${RATEDN}kbit prio 2
tc class add dev imq0 parent 1:1 classid 1:23 htb rate $[$RATEDN/4]kbit ceil ${RATEDN}kbit prio 3

tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev imq0 parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev imq0 parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev imq0 parent 1:23 handle 23: red limit 1000000 min 5000 max 100000 avpkt 1000 burst 50

tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
 or will a "simple" tc qdisc add dev $DEV handle ffff: ingress ............... do the job?!?

Jabber:sergos1@jabber.org